Compliance Solutions
Compliance challenges

The breadth and depth of the various regulations span many departmental boundaries and introduce many technological and operational challenges. They include:
- The necessity to manage large amounts of data, including systems availability, access and authentication, system attacks, etc.
- Intrusion Detection and Intrusion Prevention system requirements, as well as the need to capture network traffic and correlate network and event data sources.
- The necessity to obtain, analyze, and correlate this data in a responsive and efficient manner: both for real-time system monitoring, and for historical analysis for the generation of audit trails.
Solving compliance needs with NitroSecurity
Compliance regulations continue to evolve as security threats increase and evolve. More and more companies are finding themselves obligated under multiple legislative acts! Simplify compliance efforts by:
- Collecting necessary logs and storing them in a compliant fashion
- Maintaining an audit trail for user and application activity
- Providing granular data stores for follow-up forensic operations if needed
- Providing proof-of-compliance
NitroSecurity combines powerful, compliant log management and storage with NitroView LogCaster; real-time forensic analysis and correlation capabilities with NitroView Enterprise Security Manager; and direct monitoring and logging of core data assets with NitroGuard Database Monitor.
Singly, each provides a comprehensive compliance solution. Together, this product suite covers nearly every aspect of regulatory compliance. User activity, mobility, location, access, authentication, and identity are monitored, analyzed and logged. A user's interaction with applications, systems, databases, and networks is likewise managed.
Examining specific areas of regulatory compliance (the PCI, FISMA, HIPAA, and Sarbanes-Oxley standards) and what an enterprise must do to meet those requirements clearly illustrates NitroSecurity's capabilities to facilitate meeting the stringent demands of regulatory compliance.
Proving Regulatory Compliance
NitroView's pre-defined policies and reports focus on the regulatory issues mandated by the Sarbanes-Oxley Act of 2002 (SOX), the Federal Information Management and Security Act (FISMA), the Healthcare Insurance Portability and Accountability Act (HIPAA), and the ISO 17799 and PCI Data Security standards to prove your organization's security measures comply with government agency regulations and industry standards. With LogCaster, your compliance reports are only keystrokes away.
NitroView provides pre-defined, scheduled reports for BASEL II, FISMA, HIPAA, PCI, and SOX — as well as application-specific reports to provide supplemental information to a variety of compliance reports. Because NitroView maintains data granularity over long periods of time, the reports generated by NitroView are robust and complete.
Mark Nicolett, Gartner, "DAM Technology Provides Monitoring & Analytics", NOV 2007
PCI
Payment Card Industry Data Security Standard
There are twelve security requirements mandated by PCI, of which several relate directly to security and log management - including the troublesome PCI sections 10, 11.4, 12.9 and 12.10. NitroSecurity provides log management, analysis, data monitoring and intrusion prevention solutions that cover nearly every aspect of PCI compliance—more in-depth PCI compliance coverage than any other solution.
FISMA
Federal Information Security Management Act
FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. NitroSecurity provides a solution for many areas of FISMA, including AC, AU, SC, IR and SI requirements.
SOX
Sarbanes-Oxley Act
SOX focuses on 'internal controls' requirements, and most of what is required is non-technical. However, two of the SOX requirements - the requirements in SOX rules 302 and 404 - are aligned with a company's reporting structure. Although rules 302 and 404 mainly focus on financial reporting, a migration towards IT and security reporting is occurring as new internal controls procedures are being implemented. NitroSecurity offers log and event auditing and reporting to assist in these aspects of SOX compliance.
HIPAA
Health Insurance Portability & Accountability Act
Compliance requirements under HIPAA are diverse, and include organizational, procedural and security standards. The Security Rule or Security Standards and Technical Safeguards is included in the Security Standards for the protection of Electronic Protected Health Information provision. NitroSecurity provides a solution for the Access Control portion of HIPAA 45 CFR Part 160 & Part 164, subparts A and C.
DCID 6-3
Director of Central Intelligence Directive 6/3
This directive establishes that "Appropriate security measures shall be implemented to ensure the confidentiality, integrity, and availability of information." NitroSecurity provides a solution for the DCID including 6-3 section B2 and other areas relating to the protection, tracking and auditing of information.
FERPA
Family Educational Rights & Privacy
FERPA (Family Educational Rights & Privacy) is a federal educational requirement for educational institutions to provide and enforce privacy rights to students and their families. NitroSecurity provides a solution for ad-hoc forensics and historical investigations of data that facilitate conforming to the wide scope of regulations such as FERPA.











